Bug#861481: unblock: weechat/1.6-1+deb9u1
Control: tags -1 - moreinfo
Hi,
On Sat, Apr 29, 2017 at 03:23:00PM +0000, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
>
> Salvatore Bonaccorso:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Hi
> >
> > Disclaimer: please note, not the maintainer here, but Emmanuel is
> > X-Debbug-CC'ed.
> >
> > Please unblock package weechat
> >
> > I guess 1.7-3 as in unstable, fixing CVE-2017-8073, #861121 cannot be
> > unblocked, since the changes to 1.6-1 are way to much (if yes, though,
> > that would great). If not, I propose a targeted fix to fix this CVE:
> >
> > +weechat (1.6-1+deb9u1) stretch; urgency=medium
> > +
> > + * Non-maintainer upload.
> > + * irc: fix parsing of DCC filename (CVE-2017-8073) (Closes: #861121)
> > +
> > + -- Salvatore Bonaccorso <carnil@debian.org> Sat, 29 Apr 2017 16:31:58 +0200
> >
> > The issue is as well fixed already in stable via a DSA.
> >
> > unblock weechat/1.6-1+deb9u1
> >
> > Regards
> > Salvatore
> >
>
> Ack, please ago ahead with the tpu upload.
Thanks, uploaded.
Salvatore
Reply to: